CVE-1999-0997

wu-ftp - Command Injection

Title source: llm

Description

wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.

Exploits (1)

exploitdb WORKING POC VERIFIED

by suid · textremoteunix

https://www.exploit-db.com/exploits/20563

View Code ZIP pw:eip

References (1)

Core 1

Core References

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2003/dsa-377

Scores

EPSS 0.0382

EPSS Percentile 88.2%

Details

Status published

Products (7)

millenux_gmbh/anonftp 2.8.1

redhat/linux 5.2

redhat/linux 6.0

redhat/linux 6.1

university_of_washington/wu-ftpd 2.4.2

university_of_washington/wu-ftpd 2.5.0

university_of_washington/wu-ftpd 2.6.0

Published Dec 20, 1999

Tracked Since Feb 18, 2026